Measured Security Awareness Service
Presented by Nicholas Davis, CISSP, CISA
Overview
Phishing Background
Threat to IT on campus
Phishing education
Tricks employed
Sample phishing emails unique to UW-Madison
Spotting the phish, after the click
How measured security awareness works
Conducting a campaign in your department
Q&A session
1/10/2014

UNIVERSITY OF WISCONSIN

2
Phishing Defined
Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication, usually email.

Famous Nigerian Phish

Why Phishing Is Such a Threat
UW-Madison IT infrastructure is designed to protect the campus computing assets with many technical controls
However, this persuades hackers to pursue access via alternate means, often choosing to exploit the human factor

Your Password Is the Key to the Kingdom
If an attacker can persuade you to give them your password, they can evade all the controls put in place to protect sensitive systems

UW-Madison’s Proprietary Research Interests Phishers
Consider the value of UW-Madison’s intellectual property

I am Too Smart to Fall For a Trick Like Phishing
Most large organizations have a phishing participation rate of around 10%
This rises when the population becomes the subject of spear phishing, which is phishing email designed specifically for the recipient

Phishing Relies Upon Social Engineering
The practice of deceiving someone, either in person, over the phone, or using a computer, with the express intent of breaching some level of security, either personal or professional.
Social engineering techniques are considered con games which are performed by con artists. The targets of social engineering may never realize they have been victimized.

Tricks Used By Expert Phishers
Socially Aware: Mining of information about the target from publicly available resources, such as Facebook, property records, or even CCAP
Context Aware: Make reference to an activity you are likely to engage in, such as Amazon.com, or UPS package receipt

Specific Examples of Complex Phishing Attempts
Baiting: Placing a USB flash drive or CD, with malware on it, in a public place

Specific Examples of Complex Phishing Attempts
QR Code Curiosity: Embedding malicious code within a QR code, on a printout posted to a community bulletin board

Specific Examples of Complex Phishing Attempts
Out of Office, Out of Control: Taking advantage of an autoresponder, leveraging specific knowledge to exploit co-workers

What Would Happen If You Received This Email?

What Would Happen If You Received This Email?

Tips To Spot Social Engineering Within a Phishing Attempt
Asks you to verify a sensitive piece of information
A sense of urgency is implied in the message
An overt or implied threat may be present
Flattery is used to get you to drop your guard
Use, and sometimes overuse, of organizational knowledge is employed
A bribe or reward for your “help” may be offered

Have You Ever Been Successfully Phished?

Spotting the Phish After the Click
Website address looks odd or incorrect
IP address shows in address bar
Multiple pop-ups appear on top of legitimate website window
Website contains spelling or grammar errors
No SSL lock is present on what should be a secure site
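
Three of the signs above can be checked mechanically from the address itself. The following Python sketch is an added example, not part of the original presentation: it flags a non-HTTPS scheme, an IP-literal host, and a host outside the domain the user expects. `EXPECTED_DOMAIN` (taken from the presenter's wisc.edu address) and the sample URLs are assumptions constructed for illustration.

```python
import ipaddress
from typing import Dict, List
from urllib.parse import urlsplit

# Assumption: the domain the user believes they are visiting.
EXPECTED_DOMAIN = "wisc.edu"

# Constructed sample addresses (192.0.2.0/24 and example.net are reserved
# for documentation); none of these come from the original slides.
SAMPLE_URLS = [
    "https://my.wisc.edu/portal",             # expected site over TLS
    "http://my.wisc.edu/portal",              # right host, no TLS
    "http://192.0.2.10/login",                # IP address in the address bar
    "https://my.wisc.edu.example.net/login",  # expected name used as a prefix
    "https://notwisc.edu/login",              # near-miss spelling of the domain
    "https://example.org/",                   # unrelated host
]


def host_is_ip(host: str) -> bool:
    """True when the host is a literal IPv4/IPv6 address, not a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def belongs_to(host: str, domain: str) -> bool:
    """True when host is the domain itself or a subdomain of it.

    Matching on the dot boundary is what separates my.wisc.edu from
    notwisc.edu and from my.wisc.edu.example.net.
    """
    host = host.rstrip(".").lower()
    domain = domain.lower()
    return host == domain or host.endswith("." + domain)


def url_warnings(url: str, expected_domain: str = EXPECTED_DOMAIN) -> List[str]:
    """Return the slide's address-bar warning signs that apply to url."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    warnings = []

    # "No SSL lock is present on what should be a secure site"
    if parts.scheme != "https":
        warnings.append("no-tls")

    # "IP address shows in address bar"
    if host_is_ip(host):
        warnings.append("ip-address-host")
    # "Website address looks odd or incorrect"
    elif not belongs_to(host, expected_domain):
        if expected_domain.lower() in host.lower():
            # The expected name appears in the host but does not own it.
            warnings.append("lookalike-host")
        else:
            warnings.append("unexpected-host")
    return warnings


def triage(urls: List[str]) -> Dict[str, List[str]]:
    """Map each URL to its list of warnings (empty list means none found)."""
    return {u: url_warnings(u) for u in urls}


if __name__ == "__main__":
    for url, found in triage(SAMPLE_URLS).items():
        print(f"{url:45} {', '.join(found) or 'ok'}")
```

An empty result only means none of these three signs is present; a padlock and a plausible hostname do not make a site legitimate, and the remaining signs on the slide (pop-ups, spelling and grammar errors) still need a human reader.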

Can You Spot the Issue Here?

Combat Phishing Attempts
Never give away personal information, especially username and password
Don’t let curiosity get the best of you
Look for the telltale signs we have discussed today
There are no situations which justify exceptions
If something sounds too good to be true…

Measured Security Awareness
Learning Through Doing
Studies demonstrate that people tend to forget formal education over time
The best way to learn and remember is through experience
Measured security awareness is the ability to engage in realistic training within a safe, controlled and blame-free environment

UW-Madison’s Measured Security Awareness Program
The Division of Information Technology has purchased a vendor solution which enables us to conduct measured security awareness campaigns
The system is safe
The system does NOT collect personal information such as who clicked on links, etc. Information is only reported in aggregate
DoIT has been internally phishing 850 internal staff for over a year

Results So Far, at DoIT
At first, people were apprehensive
The beginning phishes were easy
After people got accustomed to it, attitudes became more accepting
After a year, most people are enjoying the challenge
Most importantly, many fewer people are falling for the phish

This Proposal Smells Phishy
Over the next six months, you will be presented with 12 phishing attacks
Some will be easy to detect, others will be more sophisticated and difficult to detect
We may even go on a Whaling Expedition! Do you know what that is?
Participation rate will be collected (in aggregate) and summarized in a report

Q&A Session
Are you ready for a phishing expedition?
Nicholas Davis
ndavis1@wisc.edu

 
Information Security Fall Semester 2016 - Course Wrap Up Summary
Information Security Fall Semester 2016 - Course Wrap Up SummaryInformation Security Fall Semester 2016 - Course Wrap Up Summary
Information Security Fall Semester 2016 - Course Wrap Up Summary
 
Organizational Phishing Education
Organizational Phishing EducationOrganizational Phishing Education
Organizational Phishing Education
 
Security Operations -- An Overview
Security Operations -- An OverviewSecurity Operations -- An Overview
Security Operations -- An Overview
 
Network Design, Common Network Terminology and Security Implications
Network Design, Common Network Terminology and Security ImplicationsNetwork Design, Common Network Terminology and Security Implications
Network Design, Common Network Terminology and Security Implications
 
Survey Presentation About Application Security
Survey Presentation About Application SecuritySurvey Presentation About Application Security
Survey Presentation About Application Security
 
Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...
Information Security 365/765 Lecture 13 – Legal Regulations,  Industry Compli...Information Security 365/765 Lecture 13 – Legal Regulations,  Industry Compli...
Information Security 365/765 Lecture 13 – Legal Regulations, Industry Compli...
 

Dernier

Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 

Dernier (20)

Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 

Using Measured Security Awareness To Combat Phishing Attacks

  • 1. Measured Security Awareness Service Presented by Nicholas Davis, CISSP, CISA
  • 2. Overview
      • Phishing Background
      • Threat to IT on campus
      • Phishing education
      • Tricks employed
      • Sample phishing emails unique to UW-Madison
      • Spotting the phish, after the click
      • How measured security awareness works
      • Conducting a campaign in your department
      • Q&A session
      1/10/2014 UNIVERSITY OF WISCONSIN
  • 3. Phishing Defined
      Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication, usually email.
  • 5. Why Phishing Is Such a Threat
      • UW-Madison IT infrastructure is designed to protect the campus computing assets with many technical controls
      • However, this persuades hackers to pursue access via alternate means, often choosing to exploit the human factor
  • 6. Your Password Is the Key to the Kingdom
      If an attacker can persuade you to give them your password, they can evade all the controls put in place to protect sensitive systems
  • 7. UW-Madison’s Proprietary Research Interests Phishers
      Consider the value of UW-Madison’s intellectual property
  • 8. I am Too Smart to Fall For a Trick Like Phishing
      • Most large organizations have a phishing participation rate of around 10%
      • This rises when the population becomes the subject of Spear Phishing, which is phishing email designed specifically for the recipient
  • 9. Phishing Relies Upon Social Engineering
      • The practice of deceiving someone, either in person, over the phone, or using a computer, with the express intent of breaching some level of security, either personal or professional.
      • Social engineering techniques are considered con games which are performed by con artists.
      • The targets of social engineering may never realize they have been victimized.
  • 10. Tricks Used By Expert Phishers
      • Socially Aware: Mining of information about the target from publicly available resources, such as Facebook, property records, or even CCAP
      • Context Aware: Make reference to an activity you are likely to engage in, such as Amazon.com, or UPS package receipt
  • 11. Specific Examples of Complex Phishing Attempts
      Baiting: Placing a USB flash drive or CD, with malware on it, in a public place
  • 12. Specific Examples of Complex Phishing Attempts
      QR Code Curiosity: Embedding malicious code within a QR code, on a printout posted to a community bulletin board
  • 13. Specific Examples of Complex Phishing Attempts
      Out of Office, Out of Control: Taking advantage of an autoresponder, leveraging specific knowledge to exploit co-workers
  • 14. What Would Happen If You Received This Email?
  • 15. What Would Happen If You Received This Email?
  • 16. Tips To Spot Social Engineering Within a Phishing Attempt
      • Asks you to verify a sensitive piece of information
      • A sense of urgency is implied in the message
      • An overt or implied threat may be present
      • Flattery is used to get you to drop your guard
      • Use, and sometimes overuse, of organizational knowledge is employed
      • A bribe or reward for your “help” may be offered
  • 17. Have You Ever Been Successfully Phished?
  • 18. Spotting the Phish After the Click
      • Website address looks odd or incorrect
      • IP address shows in address bar
      • Multiple pop-ups appear on top of legitimate website window
      • Website contains spelling or grammar errors
      • No SSL lock is present on what should be a secure site
  • 19. Can You Spot the Issue Here?
  • 20. Combat Phishing Attempts
      • Never give away personal information, especially username and password
      • Don’t let curiosity get the best of you
      • Look for the telltale signs we have discussed today
      • There are no situations which justify exceptions
      • If something sounds too good to be true…
  • 21. Measured Security Awareness: Learning Through Doing
      • Studies demonstrate that people tend to forget formal education over time
      • The best way to learn and remember is through experience
      • Measured security awareness is the ability to engage in realistic training within a safe, controlled and blame-free environment
  • 22. UW-Madison’s Measured Security Awareness Program
      • The Division of Information Technology has purchased a vendor solution which enables us to conduct measured security awareness campaigns
      • The system is safe
      • The system does NOT collect personal information such as who clicked on links, etc.
      • Information is only reported in aggregate
      • DoIT has been internally phishing 850 internal staff for over a year
  • 23. Results So Far, at DoIT
      • At first, people were apprehensive
      • The beginning phishes were easy
      • After people got accustomed to it, attitudes became more accepting
      • After a year, most people are enjoying the challenge
      • Most importantly, many fewer people are falling for the phish
  • 24. This Proposal Smells Phishy
      • Over the next six months, you will be presented with 12 phishing attacks
      • Some will be easy to detect, others will be more sophisticated and difficult to detect
      • We may even go on a Whaling Expedition! Do you know what that is?
      • Participation rate will be collected (in aggregate) and summarized in a report
  • 25. Q&A Session
      Are you ready for a phishing expedition?
      Nicholas Davis
      ndavis1@wisc.edu
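
The signs on slide 18 that can be read from the address bar alone (odd address, IP address as the host, no SSL lock) can be checked mechanically. The sketch below is an added example, not part of the original deck; the expected host `login.example.edu`, the finding labels and the sample URLs are constructed assumptions, and it goes slightly beyond the slide by treating userinfo before the host and punycode labels as "odd address" cases.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed assumption: the host a user expects to see when logging in.
EXPECTED_HOST = "login.example.edu"


def is_ip_literal(host):
    """True when the host is a raw IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def after_click_findings(url, expected_host=EXPECTED_HOST):
    """Return the slide-18 warning signs visible in the URL itself."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    expected = expected_host.lower()
    findings = []

    # "No SSL lock is present on what should be a secure site"
    if parts.scheme != "https":
        findings.append("no-tls")

    # "IP address shows in address bar"
    if is_ip_literal(host):
        findings.append("ip-address-host")
    # "Website address looks odd or incorrect": not the expected host
    # and not one of its subdomains.
    elif host != expected and not host.endswith("." + expected):
        findings.append("unexpected-host")
        # The trusted name used as a prefix of some other domain.
        if expected in host:
            findings.append("expected-name-embedded")

    # Text before "@" is userinfo, not the site being visited.
    if parts.username is not None:
        findings.append("userinfo-before-host")

    # Punycode labels can render as look-alike characters.
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode-label")

    return findings


# Constructed sample URLs (documentation-reserved names and addresses).
SAMPLES = [
    "https://login.example.edu/auth",
    "http://203.0.113.7/login",
    "https://login.example.edu.account-verify.example.net/",
    "https://login.example.edu@198.51.100.9/",
    "https://xn--80ak6aa92e.example/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", after_click_findings(sample) or "no URL-level findings")
```

Pop-ups and spelling or grammar errors, the other two items on the slide, depend on page content and are outside what a URL check can see.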